The revelations last week about Heartbleed, a security flaw in common website protection mechanisms, have caused shockwaves across the Internet. Many experts (including ourselves) are advising web users to change sensitive passwords immediately because they may have already been stolen by hackers.
Here are a few tips to improve password security to protect yourself in future.
How to choose a good password
Believe it or not, some people choose the silliest, and therefore the easiest to hack, passwords. The most common passwords in circulation are "123456", "password" and "qwerty", all of which are easily guessed. Other examples include the names of spouses, children or pets - again easily guessed and therefore insecure.
The key to a good password is choosing one that is at least eight characters long and includes upper and lowercase letters and numbers. For increased security you should avoid using dictionary words - "real" words - in favour of random-looking groups of letters. It is, however, very important that you choose a password you can remember without writing it down anywhere.
Keeping your password safe
For maximum password security, you must not use the same passphrase for every website - if someone manages to get hold of your password, they could then access all your online accounts and you would be no better off.
Having said that, the use of similar passwords is perfectly acceptable, so long as you take care to keep them safe in your memory.
Once you have settled on a password, there are still some things you need to do to keep it safe:
- Do not log in to your bank accounts, financial sites or social media accounts (or any sensitive websites for that matter) from a computer that is not yours. Internet cafes and kiosk PCs may be useful for checking your personal email on holiday, but they could also harbour malware that steals passwords.
- Avoid using public WiFi. As convenient as public WiFi hotspots may be, there always remains the potential for someone to be intercepting your web traffic and stealing passwords.
- Never write your passwords down. It sounds simple, but millions of people across the world still write their passwords on post-it notes stuck to their computer screen.
- Investigate the use of a password management program. 1Password (and similar apps) provide a way to create and store extremely secure passwords across devices, making life much easier.
Remember that you will need to apply these same principles to every password for every website.
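The selection rules above (at least eight characters, upper and lowercase letters and numbers, no commonly used or dictionary-word passwords, no password shared between websites), applied to a set of accounts in an added Python example that is not part of the original article. The function names, the small word list and the sample accounts are constructed for illustration.

```python
import string

# The three most common passwords named in the article.
COMMON_PASSWORDS = {"123456", "password", "qwerty"}
# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY_WORDS = {"sunshine", "football", "dragon", "welcome"}


def password_problems(password):
    """Return the article's rules that this password breaks (empty list = passes)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly used password")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("no lowercase letter")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    # Strip digits and punctuation so "Sunshine1" is still caught as a real word.
    letters = "".join(c for c in password if c.isalpha()).lower()
    if letters in DICTIONARY_WORDS:
        problems.append("based on a dictionary word")
    return problems


def audit_accounts(accounts):
    """Check every site's password and flag any password shared between sites."""
    sites_by_password = {}
    for site, password in accounts.items():
        sites_by_password.setdefault(password, []).append(site)
    report = {}
    for site, password in accounts.items():
        problems = password_problems(password)
        if len(sites_by_password[password]) > 1:
            problems.append("same password used on another website")
        report[site] = problems
    return report


if __name__ == "__main__":
    # Constructed sample accounts, not real credentials.
    sample = {"bank": "Sunshine1", "email": "qwerty",
              "shop": "tK4mWq9zLp", "forum": "qwerty"}
    for site, problems in audit_accounts(sample).items():
        print(site, "->", problems or "meets the article's rules")
```

Only exact reuse is flagged, since the article treats similar passwords as acceptable.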
The Heartbleed security flaw continues to be a major problem for many websites, so it is very important that you change your passwords now. Using the tips above you should be able to create strong passwords that are much harder for criminals to "break", giving you an additional layer of security.
As always, you should give the Get Support team a call on 01865 594000 if you need assistance with passwords, or would like further advice on keeping your mobile workforce secure when connecting to the office network via public WiFi.